Vulnerability Details CVE-2026-34073
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to version 46.0.6, DNS name constraints were only validated against SANs within child certificates, and not the "peer name" presented during each validation. Consequently, cryptography would allow a peer named bar.example.com to validate against a wildcard leaf certificate for *.example.com, even if the leaf's parent certificate (or upwards) contained an excluded subtree constraint for bar.example.com. This issue has been patched in version 46.0.6.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 8.7%
CVSS Severity
CVSS v3 Score 5.3
Products affected by CVE-2026-34073
-
cpe:2.3:a:cryptography.io:cryptography:0.1
-
cpe:2.3:a:cryptography.io:cryptography:0.2
-
cpe:2.3:a:cryptography.io:cryptography:0.2.1
-
cpe:2.3:a:cryptography.io:cryptography:0.2.2
-
cpe:2.3:a:cryptography.io:cryptography:0.3
-
cpe:2.3:a:cryptography.io:cryptography:0.4
-
cpe:2.3:a:cryptography.io:cryptography:0.5
-
cpe:2.3:a:cryptography.io:cryptography:0.5.1
-
cpe:2.3:a:cryptography.io:cryptography:0.5.2
-
cpe:2.3:a:cryptography.io:cryptography:0.5.3
-
cpe:2.3:a:cryptography.io:cryptography:0.5.4
-
cpe:2.3:a:cryptography.io:cryptography:0.6
-
cpe:2.3:a:cryptography.io:cryptography:0.6.1
-
cpe:2.3:a:cryptography.io:cryptography:0.7
-
cpe:2.3:a:cryptography.io:cryptography:0.7.1
-
cpe:2.3:a:cryptography.io:cryptography:0.7.2
-
cpe:2.3:a:cryptography.io:cryptography:0.8
-
cpe:2.3:a:cryptography.io:cryptography:0.8.1
-
cpe:2.3:a:cryptography.io:cryptography:0.8.2
-
cpe:2.3:a:cryptography.io:cryptography:0.9
-
cpe:2.3:a:cryptography.io:cryptography:0.9.1
-
cpe:2.3:a:cryptography.io:cryptography:0.9.2
-
cpe:2.3:a:cryptography.io:cryptography:0.9.3
-
cpe:2.3:a:cryptography.io:cryptography:1.0
-
cpe:2.3:a:cryptography.io:cryptography:1.0.1
-
cpe:2.3:a:cryptography.io:cryptography:1.0.2
-
cpe:2.3:a:cryptography.io:cryptography:1.1
-
cpe:2.3:a:cryptography.io:cryptography:1.1.1
-
cpe:2.3:a:cryptography.io:cryptography:1.1.2
-
cpe:2.3:a:cryptography.io:cryptography:1.2
-
cpe:2.3:a:cryptography.io:cryptography:1.2.1
-
cpe:2.3:a:cryptography.io:cryptography:1.2.2
-
cpe:2.3:a:cryptography.io:cryptography:1.2.3
-
cpe:2.3:a:cryptography.io:cryptography:1.3
-
cpe:2.3:a:cryptography.io:cryptography:1.3.1
-
cpe:2.3:a:cryptography.io:cryptography:1.3.2
-
cpe:2.3:a:cryptography.io:cryptography:1.3.3
-
cpe:2.3:a:cryptography.io:cryptography:1.3.4
-
cpe:2.3:a:cryptography.io:cryptography:1.4
-
cpe:2.3:a:cryptography.io:cryptography:1.5
-
cpe:2.3:a:cryptography.io:cryptography:1.5.1
-
cpe:2.3:a:cryptography.io:cryptography:1.5.2
-
cpe:2.3:a:cryptography.io:cryptography:1.5.3
-
cpe:2.3:a:cryptography.io:cryptography:1.6
-
cpe:2.3:a:cryptography.io:cryptography:1.7
-
cpe:2.3:a:cryptography.io:cryptography:1.7.1
-
cpe:2.3:a:cryptography.io:cryptography:1.7.2
-
cpe:2.3:a:cryptography.io:cryptography:1.8
-
cpe:2.3:a:cryptography.io:cryptography:1.8.1
-
cpe:2.3:a:cryptography.io:cryptography:1.8.2
-
cpe:2.3:a:cryptography.io:cryptography:1.9
-
cpe:2.3:a:cryptography.io:cryptography:2.0
-
cpe:2.3:a:cryptography.io:cryptography:2.0.1
-
cpe:2.3:a:cryptography.io:cryptography:2.0.2
-
cpe:2.3:a:cryptography.io:cryptography:2.0.3
-
cpe:2.3:a:cryptography.io:cryptography:2.1
-
cpe:2.3:a:cryptography.io:cryptography:2.1.1
-
cpe:2.3:a:cryptography.io:cryptography:2.1.2
-
cpe:2.3:a:cryptography.io:cryptography:2.1.3
-
cpe:2.3:a:cryptography.io:cryptography:2.1.4
-
cpe:2.3:a:cryptography.io:cryptography:2.2
-
cpe:2.3:a:cryptography.io:cryptography:2.2.1
-
cpe:2.3:a:cryptography.io:cryptography:2.2.2
-
cpe:2.3:a:cryptography.io:cryptography:2.3
-
cpe:2.3:a:cryptography.io:cryptography:2.3.1
-
cpe:2.3:a:cryptography.io:cryptography:2.4
-
cpe:2.3:a:cryptography.io:cryptography:2.4.1
-
cpe:2.3:a:cryptography.io:cryptography:2.4.2
-
cpe:2.3:a:cryptography.io:cryptography:2.5
-
cpe:2.3:a:cryptography.io:cryptography:2.6
-
cpe:2.3:a:cryptography.io:cryptography:2.6.1
-
cpe:2.3:a:cryptography.io:cryptography:2.7
-
cpe:2.3:a:cryptography.io:cryptography:2.8
-
cpe:2.3:a:cryptography.io:cryptography:2.9
-
cpe:2.3:a:cryptography.io:cryptography:2.9.1
-
cpe:2.3:a:cryptography.io:cryptography:2.9.2
-
cpe:2.3:a:cryptography.io:cryptography:3.0
-
cpe:2.3:a:cryptography.io:cryptography:3.1
-
cpe:2.3:a:cryptography.io:cryptography:3.1.1
-
cpe:2.3:a:cryptography.io:cryptography:3.2
-
cpe:2.3:a:cryptography.io:cryptography:3.2.1
-
cpe:2.3:a:cryptography.io:cryptography:3.3
-
cpe:2.3:a:cryptography.io:cryptography:3.3.1
-
cpe:2.3:a:cryptography.io:cryptography:3.3.2
-
cpe:2.3:a:cryptography.io:cryptography:3.4
-
cpe:2.3:a:cryptography.io:cryptography:3.4.1
-
cpe:2.3:a:cryptography.io:cryptography:3.4.2
-
cpe:2.3:a:cryptography.io:cryptography:3.4.3
-
cpe:2.3:a:cryptography.io:cryptography:3.4.4
-
cpe:2.3:a:cryptography.io:cryptography:3.4.5
-
cpe:2.3:a:cryptography.io:cryptography:3.4.6
-
cpe:2.3:a:cryptography.io:cryptography:3.4.7
-
cpe:2.3:a:cryptography.io:cryptography:3.4.8
-
cpe:2.3:a:cryptography.io:cryptography:35.0.0
-
cpe:2.3:a:cryptography.io:cryptography:36.0.0
-
cpe:2.3:a:cryptography.io:cryptography:36.0.1
-
cpe:2.3:a:cryptography.io:cryptography:36.0.2
-
cpe:2.3:a:cryptography.io:cryptography:37.0.0
-
cpe:2.3:a:cryptography.io:cryptography:37.0.1
-
cpe:2.3:a:cryptography.io:cryptography:37.0.2
-
cpe:2.3:a:cryptography.io:cryptography:37.0.3
-
cpe:2.3:a:cryptography.io:cryptography:37.0.4
-
cpe:2.3:a:cryptography.io:cryptography:38.0.0
-
cpe:2.3:a:cryptography.io:cryptography:38.0.1
-
cpe:2.3:a:cryptography.io:cryptography:38.0.2
-
cpe:2.3:a:cryptography.io:cryptography:38.0.3
-
cpe:2.3:a:cryptography.io:cryptography:38.0.4
-
cpe:2.3:a:cryptography.io:cryptography:39.0.0
-
cpe:2.3:a:cryptography.io:cryptography:39.0.1
-
cpe:2.3:a:cryptography.io:cryptography:39.0.2
-
cpe:2.3:a:cryptography.io:cryptography:40.0.0
-
cpe:2.3:a:cryptography.io:cryptography:40.0.1
-
cpe:2.3:a:cryptography.io:cryptography:40.0.2
-
cpe:2.3:a:cryptography.io:cryptography:41.0.0
-
cpe:2.3:a:cryptography.io:cryptography:41.0.1
-
cpe:2.3:a:cryptography.io:cryptography:41.0.2
-
cpe:2.3:a:cryptography.io:cryptography:41.0.3
-
cpe:2.3:a:cryptography.io:cryptography:41.0.4
-
cpe:2.3:a:cryptography.io:cryptography:41.0.5
-
cpe:2.3:a:cryptography.io:cryptography:41.0.6
-
cpe:2.3:a:cryptography.io:cryptography:42.0.0
-
cpe:2.3:a:cryptography.io:cryptography:42.0.1
-
cpe:2.3:a:cryptography.io:cryptography:42.0.2
-
cpe:2.3:a:cryptography.io:cryptography:42.0.3
-
cpe:2.3:a:cryptography.io:cryptography:42.0.4
-
cpe:2.3:a:cryptography.io:cryptography:42.0.5
-
cpe:2.3:a:cryptography.io:cryptography:42.0.6
-
cpe:2.3:a:cryptography.io:cryptography:42.0.7
-
cpe:2.3:a:cryptography.io:cryptography:42.0.8
-
cpe:2.3:a:cryptography.io:cryptography:43.0.0
-
cpe:2.3:a:cryptography.io:cryptography:43.0.1
-
cpe:2.3:a:cryptography.io:cryptography:43.0.2
-
cpe:2.3:a:cryptography.io:cryptography:43.0.3
-
cpe:2.3:a:cryptography.io:cryptography:44.0.0
-
cpe:2.3:a:cryptography.io:cryptography:44.0.1
-
cpe:2.3:a:cryptography.io:cryptography:44.0.2
-
cpe:2.3:a:cryptography.io:cryptography:44.0.3
-
cpe:2.3:a:cryptography.io:cryptography:45.0.0
-
cpe:2.3:a:cryptography.io:cryptography:45.0.1
-
cpe:2.3:a:cryptography.io:cryptography:45.0.2
-
cpe:2.3:a:cryptography.io:cryptography:45.0.3
-
cpe:2.3:a:cryptography.io:cryptography:45.0.4
-
cpe:2.3:a:cryptography.io:cryptography:45.0.5
-
cpe:2.3:a:cryptography.io:cryptography:45.0.6
-
cpe:2.3:a:cryptography.io:cryptography:45.0.7
-
cpe:2.3:a:cryptography.io:cryptography:46.0.0
-
cpe:2.3:a:cryptography.io:cryptography:46.0.1
-
cpe:2.3:a:cryptography.io:cryptography:46.0.2
-
cpe:2.3:a:cryptography.io:cryptography:46.0.3
-
cpe:2.3:a:cryptography.io:cryptography:46.0.4
-
cpe:2.3:a:cryptography.io:cryptography:46.0.5